Home » Business Continuity » Preparedness

Tabletop Exercises: Three Sample Scenarios

Six tips and three scenarios to get you started on a tabletop exercise

December 01, 2006 — CSO — A tabletop exercise is a great way to get business continuity plans off the written page without the interruption of a full-scale drill. Rather than actually simulating a disaster, the crisis management group gathers for three hours to talk through a simulated disaster.

It can be a full-scale production that involves local first responders and professional moderators. Or it can be a simple affair conducted by in-house disaster planners. The idea is to have an escalating scenario that unfolds in several segments. After each segment, small working groups discuss how they would respond, then report back to each other before hearing from moderators about what happens next.

Tips for an Effective Tabletop

Decide how much gloom and doom you want. When planning a tabletop, Joe Flach, VP of Eagle RockAlliance, asks, "Do you want this to be a physical event with assets damaged and destroyed, or do you just want those things inaccessible? Do you want death and injuries, or just to test the ability to get work up and going someplace else?"

Test how quickly you can pull together key players. At public utility PSE&G, Director of Corporate Security Mike Paszynsky says the crisis management group doesn't always know when a tabletop will occur. Instead, the company tests how quickly it could reach all those individuals. Specialized software pings team members' phone numbers and communications devices, alerting them that the crisis management team is assembling.

Involve everyone. Make sure each person has a role. If one person answers all the questions, have others enact how they would respond if that person were unavailable.

Acknowledge that first-timers may be nervous. "Some business managers don't want to show that they may not know how to respond to a certain issue," says Rad Jones of Michigan State University. To make them more comfortable, consider an hour-long orientation. Later, work your way up to a three-hour exercise, and then invite local law enforcement and first responders to participate.

Encourage misinformation. During a crisis, Flach says, "you're always asked to make timely decisions based on incomplete and inaccurate information." You can simulate the confusion this causes by giving the groups handouts containing different information.

Take the lessons with you. A designated note-taker should keep track of what happens; always leave time for lessons learned.

Scenario 1 A disgruntled employee starts a data center fire

Segment 1: A small fire begins just outside the data center, setting off the alarm system. By the time the fire department arrives, the fire has been extinguished by the sprinkler system, but the building has been evacuated. Employees and people who work in nearby buildings want to know what has happened, as does the media. Then, as people begin to go back inside, the receptionist takes a call from someone who indicates that the fire is "only the beginning" because the company hasn't treated him right.